CVE-2026-8254 | Devs Palace ERP Online up to 4.0.0 /inventory/sales_save cross site scripting

Inserito da Angelo Barbosa | Mag 10, 2026 | CVE

A vulnerability was found in Devs Palace ERP Online up to 4.0.0. It has been declared as problematic. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross site scripting.

This vulnerability is known as CVE-2026-8254. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-8254 | Devs Palace ERP Online up to 4.0.0 /inventory/sales_save cross site scripting

Post correlati

CVE-2024-0632 | juangirini Automatic Translator with Google Translate Plugin up to 1.5.4 on WordPress Custom Font Setting cross site scripting

CVE-2023-53706 | Linux Kernel up to 6.3.4 vmemmap_populate_compound_pages denial of service

CVE-2023-45084 | SoftIron HyperCloud up to 2.0.2 Drive Caddy missing synchronization

CVE-2023-49453 | Racktables up to 0.22.0 index.php cross site scripting